1. Field of the Invention
The present invention relates generally to cryptographic systems. More particularly, it relates to systems and methods for realizing efficient combining of binary data at high speed to support various cryptographic processes. In particular, this invention can be used for, e.g., but is not limited to, mitigating side channel information leakage that enables recovery of secret data via means such as differential power analysis (DPA).
2. Related Art
To carry out cryptographic computations, whether for encrypting data for confidentiality, signing data for proof of origin certification, or hashing data for authenticity certification, one may use methods for realizing deterministic combining functions that take two or more input values, each of various bit lengths, and produce an output value of some determinate bit length. For security these functions are often very complex. Conventional methods for realizing the very complex combining functions required for cryptographic computations build up complexity by splitting input quantities into small packets such as, e.g., but not limited to, 8-bit bytes, 16-bit di-bytes, etc., and then, either in parallel across the processor real estate or serially in time, combining these packets of the input via and/or/nor gates and registering intermediate results to await further processing.
There is a constant tension between first, complexity of the combining function necessary for good security, and second, realizing such complex functions quickly and efficiently as necessary to achieve the functional requirements of an application. Much effort has gone into achieving good cryptographic combining efficiently, but it would be good for additional progress to be made in this regard.
Secret values processed in conventional cryptographic methods are vulnerable to recovery by an adversary who exploits information leaked via side channels, such as the instantaneous power consumption of a method as the secret value is being processed. One example of side channel leakage is differential power analysis (DPA). DPA involves measurement of a cryptographic system's computer processor's power usage and the employment of statistical analysis to convert raw power signals back into the values being processed. Conventional cryptographic methods process secret key data and input information data generally by, e.g., but not limited to, 8-bit bytes (sometimes 16-bit di-bytes, and seldom beyond 32-bit quad-bytes) within a given algorithmic step. By this we mean, for instance, that if the secret key data is 128 bits (16 bytes) and the input information data is 128 bits, then within a single algorithmic step the two 16-byte quantities may be combined by combining byte 1 of the key with byte 1 of the information, byte 2 of the key with byte 2 of the information, etc. Cryptographic processing methods implement such algorithms by combining these byte pairs across one or more clock cycles of the processor and storing intermediate values in processor registers awaiting another round of combination. The power consumption during these writes to registers is a prime source of information leakage. Conventional solutions have attempted to mask such power usage through various mitigation algorithms. Some conventional solutions remain vulnerable to such attacks.
Conventional security applications generally employ an integrated circuit (IC) on which a secret value may be embedded, or may employ a random number generator to derive one or more secret values. These secret values, whose bit lengths can range in size from roughly 64 to 2048 bits, and more, are used in cryptographic processes to realize security services such as, e.g., but not limited to, proof of identity, authentication, or data encryption. In many applications it is vital that these secret values never be exposed off the device. Various signals conventionally emanate from the IC-based device as the device carries out cryptographic operations, and these signals may leak information about those secret values. In some instances, the signals can provide sufficient information to enable derivation of the core secret value(s), e.g. cryptographic keying material, used in the cryptographic process. Such so-called "side channel" signals can thus sometimes be employed to extract the core secrets from the device, compromising the security service afforded by the device. DPA is a well-known, proven and powerful technique by which an adversary can extract such device secrets from the device power consumption side channel.
Instantaneous power consumption of a device, referred to as a side-channel, leaks information about the values being processed by the device primarily when such values are written to, or read from, the device's registers. These register reads and writes take place at regular processor clock cycles of the device. Thus whenever the secret values are used in logic operations, and inputs or outputs of these logic operations are written to, or read from, the registers, information about the values being written, or read, is leaked by the device power consumption at that cycle.
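The two preceding paragraphs describe why byte-wise combining of key and data leaks through register writes: every intermediate result written to a register at a clock edge is an observable event, and an 8-bit intermediate value has only 256 possible values. The following Python model is an added illustration, not code from the patent or from any implementation it describes. It assumes the common Hamming-weight leakage model (each register write leaks the Hamming weight of the value written, plus noise), which is an assumption on top of the text; the key and data values are constructed for the example. It contrasts the conventional byte-by-byte combination of two 128-bit quantities with a single full-width combination and reports, for each, how many register writes occur and how large the value space per write is, the two quantities a leakage assessment would look at first.

```python
"""Toy register-write leakage model (added illustration, not from the patent).

Assumptions (not stated in the patent text):
  * Hamming-weight leakage model: each register write leaks HW(value) + noise.
  * One register write per combined packet, one power sample per write.
"""
import random
from typing import List, Tuple

# A register write is recorded as (value_written, register_width_in_bits).
Write = Tuple[int, int]


def hamming_weight(value: int) -> int:
    """Number of set bits; the quantity assumed to drive power consumption."""
    return bin(value).count("1")


def bytewise_xor(key: bytes, data: bytes) -> Tuple[bytes, List[Write]]:
    """Conventional scheme from the text: combine byte i of the key with
    byte i of the data, registering each 8-bit intermediate result."""
    if len(key) != len(data):
        raise ValueError("key and data must have equal length")
    writes: List[Write] = []
    out = bytearray()
    for k, d in zip(key, data):
        r = k ^ d
        writes.append((r, 8))      # one observable 8-bit register write
        out.append(r)
    return bytes(out), writes


def wide_xor(key: bytes, data: bytes) -> Tuple[bytes, List[Write]]:
    """Full-width combination: the same function computed as a single
    operation on the whole quantity, giving one register write."""
    if len(key) != len(data):
        raise ValueError("key and data must have equal length")
    width = 8 * len(key)
    r = int.from_bytes(key, "big") ^ int.from_bytes(data, "big")
    return r.to_bytes(len(key), "big"), [(r, width)]


def simulate_trace(writes: List[Write], noise_sd: float = 0.5, seed: int = 0) -> List[float]:
    """One simulated power sample per clock cycle / register write:
    Hamming weight of the written value plus Gaussian noise (assumed model)."""
    rng = random.Random(seed)
    return [hamming_weight(v) + rng.gauss(0.0, noise_sd) for v, _ in writes]


def leakage_summary(writes: List[Write]) -> dict:
    """Quantities a defender checks: how many observable writes occur, and
    how many candidate values each write could correspond to."""
    return {
        "register_writes": len(writes),
        "values_per_write": 2 ** max(width for _, width in writes),
        "hamming_weights": [hamming_weight(v) for v, _ in writes],
    }


# Constructed sample inputs (not from the patent): two 128-bit quantities.
KEY = bytes(range(0x00, 0x10))
DATA = bytes(range(0x10, 0x20))

if __name__ == "__main__":
    out_b, writes_b = bytewise_xor(KEY, DATA)
    out_w, writes_w = wide_xor(KEY, DATA)
    assert out_b == out_w  # same function, different register-write profile
    print("byte-wise:", leakage_summary(writes_b))
    print("wide     :", leakage_summary(writes_w))
    print("simulated byte-wise trace:", [round(s, 2) for s in simulate_trace(writes_b)])
```

Both functions compute the same 128-bit result, but the byte-wise version exposes sixteen register writes, each drawn from a space of only 256 values, whereas the full-width version exposes one write drawn from a space of 2^128 values. That difference in per-write value space, not the final result, is what the statistical analysis the text describes works on, and it is the first figure to compare when evaluating a wide-combining design against the conventional one.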
An improved system and method for avoiding side channel attacks that overcomes shortcomings of conventional mitigation techniques is highly desirable.